Protect mobile apps with App Hardening, Code Obfuscation, Anti-Tampering, Anti-Debugging, Anti-Reversing and more.
This Knowledge Base article explains how you can fully protect and harden any mobile app without code or coding.
We hope you find it useful and enjoy using Appdome!
About Mobile App Protection
ONEShield™ by Appdome combines Appdome’s existing app hardening features, among them anti-tampering, anti-debugging and anti-reversing protections, with the power of new technologies that include TOTALCode™ Obfuscation, encrypted strings and preferences, and other features — making Appdome the single most comprehensive solution to protect mobile apps.
ONEShield™ by Appdome is added during Fusion in all cases. Whether you are Fusing an app with the Appdome Mobile Security Suite, an EMM SDK, or an Identity SDK, Appdome’s ONEShield™ protection is added to your app.
The app you are Fusing on Appdome can be built with any tool such as Xcode for iOS or Android Studio using any mobile development frameworks such as Xamarin, Cordova, and React Native.
How to add ONEShield™ to any mobile app on Appdome
Follow these step-by-step instructions to add ONEShield™ to Any Mobile App:
Upload a Mobile App to Your Account
Select the ONEShield™ section
When Fusing with Appdome Security, an EMM SDK, and/or an Identity SDK, you will see a “ONEShield™ by Appdome” section.
Click to expand ONEShield™ by Appdome:
View and/or select the ONEShield™ options that will be integrated into the app without you having to write a single line of code. With ONEShield™ your app is enabled with:
- Anti-Debugging – Appdome prevents anybody from debugging a Fused app.
- Anti-Tampering – Appdome protects a Fused app from being changed or modified by anyone.
- Anti-Reversing – Appdome encrypts key logical elements and resources such as methods, strings, and assets to make reverse engineering of a Fused app impossible.
- Prevent running on Simulators
A common method for attackers to compromise applications is to run them on a simulator (which is an environment completely under the control of the attacker). Appdome implements measures to recognize that it runs on a simulator and forces a termination of the application instance.
- Checksum Validation
Appdome verifies that the application has not been modified since it was sealed.
- App Integrity/Structure Scan
Appdome looks for weakening elements in the application such as malicious URLs.
- Obfuscate Fused Services
Appdome’s core code and the additional services selected will be obfuscated. In addition, the data embedded in Aappdome’s code will be encrypted so as to prevent common “recon” attacks such as searching for strings in the code.
It should be worth noting that 3rd party services will not get obfuscated, only Appdome’s core and adapters. So for example, the code responsible forTOTALDataTM Encryption will be obfuscated, while for AirWatch only the adapter code that glues the SDK to the application will be obfuscated, the AirWatch code will remain as it is.
- TOTALCode Obfuscation – Appdome obfuscates the entire app binary of a Fused app. It protects workflows and business logic across the binary, without the need to code or expose source code. Inside TOTALCode™ Obfuscation, Appdome can also encrypt strings and resources – Appdome removes the last option for hackers to reverse engineer an app by encrypting all the Fused apps’ constants, strings, and run-time information.
- Encrypt In-App Preferences
Appdome encrypts preferences such as username, email, contact information and other Personal Identifiable Information (PII) data that are otherwise stored “in the clear” inside an app.
- Binary Code Obfuscation
Appdome renders individual instructions unrecognizable for attackers.
- Flow Relocation
Appdome scrambles the control flow of the application.
- Non-Native Code Obfuscation
- Encrypt Strings and Resources
Encrypt strings residing in the application’s code and resources residing in the application’s package.
- Encrypt In-App Preferences
As shown in the following picture, many of the ONEShield™ options are always enabled for protection of your app. For TOTALCode™ Obfuscation, encrypt strings, resources, and in-app preferences, you will need to enable the options.
After you have made your selections, click Fuse My App and in about 20 – 40 seconds your app will be protected with ONEShield™. Pretty awesome!
After Adding ONEShield™ to a Mobile App on Appdome
After you have added ONEShield™ to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
That is it – Enjoy Appdome’s ONEShield™ protection in your app!
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.